b'                    U.S. G O V E R N M E N T\n              \'=\'   PRINTING OFFICE\n                    KEEPING AMERICA INFORMED\n\n\n\n\nASSESSMENT\n              FEDERAL DIGITAL SYSTEM (FDSYS)\nREPORT        INDEPENDENT VERIFICATION AND\n09-03        VALIDATION (IV&V) - FIFTH QUARTER\n               REPORT ON RISK MANAGEMENT,\n                 ISSUES, AND TRACEABILITY\n                         December 24,2008\n\n\n\n\n        OFFICE OF INSPECTOR GENERAL\n\x0c                        \'\' PRINT IN G 0F F I C E\n                                                                  Memorandum\n                                                                  OFFICE OF THE INSPECTOR GENERAL\n                             KEEPING AMERICA INFORMED\n\n\n\n\n    DATE:      December 24,2008\n\nREPLY TO\n ATTN OF: Assistant Inspector General for Audits and Inspections\n\n SUBJECT: Federal Digital System (FDsys) Independent Verification and\n          Validation (IV&V) - Fifth Quarter Report on Risk Management, Issues, and\n          Traceability\n          Report Number 09-03\n\n      TO:      Chief Information Officer\n\n\n      The GPO Office of Inspector General (OIG) is conducting independent verification and\n      validation (IV&V) of GPO\'s Federal Digital System (FDS~S)\'      implementation. The OIG\n      contracted with American systems2to conduct IV&V for the public release of FDsys\n      Release 1. c . ~AS part of its contract with the OIG, American Systems is assessing the\n      state of program management, technical and testing plans and other efforts related to the\n      rollout of Release 1.C. American Systems is required by the contract to issue to the OIG\n      a quarterly Risk Management, Issues, and Traceability Report, providing observations\n      and recommendations on the program\'s technical, schedule, and cost risks as well as\n      requirements traceability of those risks and the effectiveness of the program management\n      processes in controlling risk avoidance. Additionally, at the end of each FDsys release\n      phase, American Systems is required to issue a release phase summary program\n      management report that addresses delivery of the technical baseline per the FDsys Master\n      Program Schedule and the risks that affect the schedule\'s critical path to the next phase.\n\n      The enclosed report is American Systems\' quarterly report for the period July 2008 to\n      September 2008. Section 6 of the report contains ten recommendations designed to\n      improve current and future FDsys project efforts. Management concurred with six of the\n      ten recommendations, partially concurred with one, and nonconcurred with three. We\n\n      1\n        The FDsys program is a multimillion dollar effort that GPO is funding and managing to modernize the\n      GPO information collection, processing, and dissemination capabilities it performs for the three branches of\n      the Federal Government.\n        American Systems, located in Chantilly, Virginia, is a large information technology company with\n      significant experience in the realm of IV&V for Federal civilian and Defense agencies, including the\n      Department of State, the Navy, and the U.S. Agency for International Development.\n        American Systems IV&V methodology is referenced to the framework established by the Institute of\n      Electrical and Electronic Engineers (IEEE) Standard 1012-2004, the IEEE Standard for Software\n      Verification and Validation.\n\x0cconsider the actions proposed by management responsive to each of the six\nrecommendations. Those recommendations are resolved and will remain open until\nIV&V has verified that agreed to actions have been taken. While we do not agree with\nthe position taken by management on the remaining four recommendations, we are\nclosing these recommendations upon issuance of this report. The rationale behind ow\ndecision to close these four recommendations is provided in the "Evaluation of\nManagement\'s Response" section that follows each recommendation in Section 6 of the\nreport. The status of each recommendation upon issuance of this report is included in\nAppendix B. The final report distribution is in Appendix C.\n\nIn response to this report (see Appendix A), management requested that FDsys IV&V\nreports be issued in final no more than one month after the assessment period. However,\ndue to ow contract with American Systems and our internal OIG quality control process,\nwe are not able to meet this request. Ow primary objective is to communicate timely\nwith management as conditions and concerns arise that may affect the FDsys program\nand the OIG has once again provided this timely input to management. For example,\nduring this reporting period, we provided formal briefings to management on October 6\nand 16. As required by ow contract, we received American Systems\' IV&V 5thquarter\nreport on October 20. We subsequently provided management with an unofficial draft\nfor review and comment on October 22. Management provided unofficial comments on\nOctober 30. We made several changes to the report that management requested, and\nissued the official draft on November 25. We believe this process not only provides\nmanagement with timely information, but also allows both the OIG and management to\nagree to the extent possible on the facts contained in the draft and final reports.\n\nIf you have questions concerning t h s report or the IV&V process, please contact\nMr. Brent Melson, Deputy Assistant Inspector General for Audits and Inspections at\n(202) 5 12-2037, or me at (202) 5 12-2009.\n\n\n\n\nKevin J. Carson\nAssistant Inspector General for Audits and Inspections\n\nAttachment\n\ncc:\nChief of Staff\nChief Acquisition Officer\nChief Management Officer\nChief Technology Officer\n\x0c                                                                        ATTACHMENT\n\n\n   IV&V RISK MANAGEMENT, ISSUES, AND TRACEABILITY\n                     REPORT\nTO:              Brent Melson, COTR\nFROM:            IV&V, Jon Valett\nIV&V OF:         Quarterly Report (Revised Final - Document Number 01-049)\nSUBJECT:         July - September 2008 Quarterly Report\nDATE:            November 7,2008\nCC:              Dan Rose, David Harold, John Best, Chris Pan, Shawn OYRourke\n\n\nBackground:\n\nBy contract, American Systems, Inc., as an Independent Verification and Validation\n(IV&V) agent for the Office of the Inspector General (OIG), is required to provide\nquarterly reports that present the critical, technical, schedule, and cost risks that are\nidentified for the Government Printing Office (GPO) Federal Digital System (FDsys)\nProgram.\n\nThe risks delineated below were identified by IV&V in prior Quarterly Reports and are\nstill being identified in the current IV&V Quarterly Report.\n\n        Lack of a detailed Integrated Master Schedule (IMS), lack of a Program\n       Management Plan (PMP), and lack of Earned Value (EV) data represents a\n        schedule risk (IV&V Quarterly Report June 2008; IV&V Quarterly Report March\n       2008; IV& V Quarterly Report September 2007);\n       The slip of the Detailed Design Review (DDR) makes achieving the December\n       2008 date highly unlikely. (IV&V Quarterly Report June 2008; IV& V Quarterly\n       Report March 2008);\n       Lack of a design methodology that shows how all of the artifacts being developed\n       consistently flow from the system architecture down to the detailed design\n       represents a technical risk. (IV&V Quarterly Report June 2008; IV& V Quarterly\n       Report December 2007; IV& V Quarterly Report September 2007);\n       Lack of parser development will likely result in a schedule slip, diminished\n       number of collections available and potential user dissatisfaction. (IV&V\n       Quarterly Report June 2008; IV&V Quarterly Report March 2008);\n       The Master Test Plan continues to lack a complete definition of the overall test\n       strategy. (IV& V Quarterly Report March 2008; IV& V Quarterly Report\n       December 2007); and\n       Less than expected activity has been seen in the areas of operations, training,\n       certification & accreditation, and organizational change management. There is a\n       risk that this delay will result in these activities taking longer than expected.\n       (IV&V Quarterly Report June 2008; IV&V Quarterly Report December 2007;\n       IV&V Quarterly Report September 2007).\n\x0cCurrent:\n\nThis report presents the critical technical, schedule, and cost risks identified for the\nGovernment Printing Office (GPO) Federal Digital System (FDsys) Program.\nSpecifically, it provides a high-level overview of the key risks and issues that IV&V has\nidentified within the last quarter. This report also addresses N&V task reports covering\nthe Evaluation of the FDsys Detail Design and, the FDsys Release 1C.2 (RlC2) Drop 1\'\nSystem Integration Test (SIT) Plan and Test Procedures that were performed over this\nsame time period.\n\nThis is the fifth N&V quarterly report and covers the period from July 2008 to\nSeptember 2008. It includes information taken from the following:\n\n    N & V Task Report, Evaluation of the FDsys Release I C.2 Drop 1 System Integration\n    Test Plan and Test Procedures, October 2,2008;\n    N&V Task Report, Evaluate Detailed Design, October 3,2008; and\n    IV&V Documentation ~eviews\'.\n\nOver the last quarter several areas of the program are making significant progress. Key\nobservations over t h s period are as follows:\n\n        The risk program continues to add new risks and, review and evaluate risk\n        handling plans for previously identified risks. Additionally, risks that have now\n        become problems are also reviewed and discussed.\n\n         Configuration management activities are occurring. The Configuration Control\n         Board (CCB), Engineering Review Board, and Software CCB have been meeting\n         to review potential changes that may affect the FDsys Program.\n\n         Much progress has been made in .a number of design areas, e.g., the search\n         architecture and design appears technically sound. A lot of effort resulted in\n         delivery of system design documentation; however, N&V has noted a number of\n         design gaps.\n\n         Updates to a number of program related documents have been made, peer\n         reviewed, and approved by the CCB. Many documents have writing and\n         formatting issues that indicate that no Quality Assurance (QA) is being done on\n\n The Program Management Office (PMO) has broken Release 1.C2 (RlC2) into three (3) software drops.\nEach Drop has a prescribed scope consisting of a number of system and derived requirements that have\nbeen allocated to it and contains that portion of the functionality related to the requirements that will be\ndeveloped for RlC2. Each Drop builds on the functionality that preceded it, e.g., Drop 2 builds on the\nhnctionality that was developed for Drop 1.\n Note that the IV&V comments found against the following FDsys documents were provided to the FDsys\nProgram Director to facilitqte the document review process and were not part of a formal IV&V report\ndelivery. IV&V reviewed the: Configuration Management Plan; Site Preparation and Installation Plan;\nMaster Test Plan; Change Management Plan; and Program Tracking Report Software (PTRSW) Process\nDirective.\n\x0c         the products. In addition there appears to be no standard format that is\n         consistently followed for FDsys documents.\n\n         The PMO designated a team to begin the planning of the training efforts needed to\n         support the deployment of FDsys RlC2. An updated Training Plan has been\n         developed which includes a training schedule and list of planned deliverables.\n         System training and organizational change will be critical to stakeholder\n         acceptance of FDsys when it is deployed. At this point, however, the existing\n         R1C2 documentation design details are still insufficient to develop complete and\n         detailed training materials (e.g., manuals that contain step-by-step procedures to\n         perform tasks). Additionally, the program plans to roll-out user training prior to\n         User Acceptance Testing which is a significant risk.\n\n         The conduct of formal review meetings on a regular basis (e.g., monthly) is\n         continuing and very beneficial to the FDsys Program. These meetings provide a\n         fonun for the FDsys team to coordinate activities, evaluate progress, and discuss\n         problem areas. Each meeting includes an agenda that encompasses the current\n         tasks being performed. Representatives from the Program Management Office\n         (PMO), Harris, and the other PMO Contractors present information related to\n         their efforts. Questions/concerns (if any) from the team members are addressed.\n\n         Weekly meetings between the FDsys Program Director and IV&V Manager foster\n         open communication and enable IV&V to be made aware of documents available\n         for review and changes in program schedule.\n\n\n1. Technical Risks Identified\n\nDuring the last quarter several technical risks were identified:\n\n         While there is still no approved Project Management Plan (PMP), an Integrated\n         Master Schedule (IMS) has been provided. The IMS is quite detailed with the\n         tasks numbering more than one thousand. While it is a significant first step, the\n         IMS is not realistic and, given the number of tasks and a highly diverse team, the\n         IMS will be difficult to status. Using the deployment date of December 3 1,2008,\n         the one thousand tasks have been forced into the schedule to ensure that the\n         deployment date is realized. For example, SIT, User Acceptance Testing, and\n         User Training are all scheduled to be conducted simultaneously. Also, while the\n         schedule is being statused, no critical path6 has been defined and missed task\n         completion dates do not seem to affect the deployment date, i.e., missing these\n         dates does not cause the deployment date to change. Missing tasks dates could\n\n6\n  The Critical Path is the longest sequence of activitiesltasks that must be completed for a project to\ncomplete on its designated due date. Usually an activityltask on the Critical Path cannot start until the\npredecessor task is complete. If an activityltask does not finish on its scheduled completion date then the\nentire project incurs a delay equal to the number of days late that that task completes; unless, subsequent\ntasks on the Critical Path are able to be completed ahead of their scheduled completion date.\n\x0c       manifest itself in the design and deployment of a system that does not meet\n       system requirements and user expectations.\n\n       IV&V reviewed numerous FDsys artifacts that have been generated in support of\n       the FDsys program. In an effort to facilitate and foster communication between\n       IV&V and the program, and with the approval of the OIG, IV&V forwarded the\n       results of these reviews to the FDsys Program Director for dissemination to the\n       respective document owners/authors for review and update using the IV&V\n       comments as appropriate. The results of IV&V review exposed a number of\n       deficiencies. Specifically, IV&V has found that:\n\n           o In addition to potential deficiencies in these documents, the documents in\n             many cases were poorly written to include poor grammar and numerous\n             spelling errors. To that end, IV&V has concluded that there is little or no\n             QA being performed on the FDsys program. The program lacks a QA Plan\n             and lacks an independent QA presence. In order to ensure its\n             independence, QA should be conducted by individuals who are not\n             responsible for other areas of the program;\n           o The IV&V reviews exposed a less than desired document approval\n             process. IV&V is aware that the CCB ultimately approves FDsys\n             documentation that has been peer reviewed and commented on by other\n             team members. The document owners/authors then update those\n             documents (based on the peer review). It is troubling to find the amount of\n             errors in these documents because they are considered to be approved\n             documents; and\n           o This then exposes a poor peer review process. Many of the errors found\n             by IV&V should have been detected by peer review members and\n             corrected by the individual document owners/authors.\n\n\n2. Schedule Risks Identified\n\nSchedule risks incurred by technical risks previously presented are provided below.\n\n       IV&V has performed a very preliminary review of the IMS and believes that the\n       schedule is not realistic. Too many tasks are scheduled to be performed\n       simultaneously during December of 2008 and tasks that should be performed\n       sequentially are scheduled to be performed in parallel.\n       While many tasks have been identified, tasks that miss scheduled completion\n       dates have not affected the deployment date of late 2008, i.e., the deployment date\n       remains constant - never subject to change even when tasks are not being\n       completed on time. While IV&V recognizes that every task date that is missed\n       will not cause an overall schedule slip, it is not clear that the schedule has been\n       evaluated to determine if the missed dates would cause a slip. Without a critical\n       path analysis, the program cannot really determine what impact any missed task\n       completion dates will have on the overall schedule.\n\x0c        The implementation of SIT has resulted in the lack of a complete and thorough\n        verification of Drop 1 software. Overall, IV&V concluded that the Drop 1 test\n        procedures do not adequately test the system. None of the test procedures\n        completely demonstrates the requirements associated with the Test Case. With a\n        greater than 50% failure rate of the Drop 1 SIT test cases, coupled with an\n        incomplete design, the likely result will be schedule delays and a missed\n        December 2008 deployment date.\n\n        The number of gaps exposed in the detailed design has the potential to cause a\n        schedule slip. Working to an already aggressive schedule, program personnel\n        may be redirected or have to re-double their efforts to provide this information.\n\n        The Detailed Design Review (DDR) was conducted September 2008, after\n        initially being targeted for May 2008. While it is positive that the DDR was\n        conducted, the almost four (4) month slip since the original plan makes the goal\n        of achieving a December 2008 deployment date highly unlikely.\n\n       User Training is currently scheduled to occur prior to conduct of the actual User\n       Acceptance Testing (UAT). Implementing training based on an incomplete\n       design prior to UAT, where additional errors may be discovered, jeopardizes an\n       already tenuous deployment date of December 2008.\n\n\n3. Cost Risks Identified\n\nThere are inherent cost risks associated with the technical and schedule risks. Program\ncost has been presented at the Program Review meetings with the indication that funds\nwill be expended by January 2009; however, there is no correlation between the cost to-\ndate and performance (e.g., amount of total software completed). Even with an IMS,\nearned value data is just starting to be compiled; therefore, without the earned value data,\nexpenditures cannot be evaluated with respect to Program progress.\n\n       By their nature, cost risks are directly correlated with schedule risks. Any\n       schedule increase generally results in additional costs.\n\n\n4. Evaluate FDsys Release 1C.2 Drop 1 System Integration Test Plan and Test\n   Procedures\n\nDuring this quarter, IV&V performed a Quick Look Report documenting findings from\nthe review of the FDsys System Integration and Test (SIT) Plan for Release 1C.2 (RlC2),\nVersion 2.0, dated August 27,2008. This Plan, describes the Government\'s approach to\nverifying the system requirements prior to formal User Acceptance Testing (UAT) and\nBeta Testing. As part of this review, IV&V evaluated the Test Cases used to demonstrate\nthe requirements incorporated into the Drop 1 software for RlC2.\n\x0cIV&VYsreview produced separate comments against both the SIT Plan and the SIT Test\nProcedures and a summary evaluation of risks and recommendations. The IV&V review\nfound significant problems both in the SIT Test Plan and the Test Procedures. The\nreview of the Drop 1 Test Cases, however, uncovered serious deficiencies in both the\napproach to and content of the testing.\n\nThe SIT Plan, which presents the overall approach for testing R1C2, defines a\nrequirements-based approach that is being implemented to verify the system. The IV&V\nreview found that the SIT Plan does not describe any testing details. IV&VYsconclusion\nis that the SIT Test Plan does not provide an overarching approach to testing; rather, a\nsimple mapping of requirements to test cases.\n\nIV&V review of the SIT Test Cases uncovered serious deficiencies in both the approach\nand content of the testing. Overall, the Drop 1 test procedures do not adequately test the\nsystem. They lack specific expected results; consist of minimal steps to demonstrate the\nrequirements andfor encompass their intended functionality; contain little or no\ndescription of the purpose of each test; and often do not address the requirements\nassigned to the tests. The IV&V review of the test results showed that 56% of the test\nprocedures failed to demonstrate the intended functionality defined by the requirements.\nAdditionally, another 34% of the test procedures only partially demonstrated the system\nrequirements mapped to these test procedures.\n\nBased on this review and evaluation, IV&V has a number of general observations\nregarding the SIT test procedures and the overall test approach being employed.\n\n   The Test Team does not appear to have a thorough understanding of the system\n   requirements and their implementation. Test descriptions are minimal, and specific\n   expected results are almost non-existent. The extent of the test (e.g., number of steps)\n   is usually inconsistent with the scope of the requirement and its functionality. In\n   addition, some tests contain steps that are unrelated to the validation of the\n   requirements (e.g., sorting search results for no apparent reason).\n\n   There is no overarching approach to testing FDsys functionality. Each Test Case\n   addresses a single requirement outside the context of the system. Closely related\n   requirements are not logically grouped in a single test based on the functionalitythey\n   implement (e.g., requirements associated with the Advanced Search page). As a\n   result, many test procedures are very similar with only minor differences in the steps.\n\n   The system requirements, which form the basis for the test procedures, are still an\n   issue. For Drop 1, each system requirement (i.e., RD) was decomposed into one or\n   more derived requirements (i.e., DRs) to support testing. These DRs, however,\n   seldom clarify the intent or implementation of the DR. In many cases, the DRYs\n   simply divide a compound system requirement into multiple statements; or, they re-\n   specify the DR in terms of the Federal Register. The implemented functionality\n   associated with the DRs is not obvious leading to potential misinterpretation by the\n\x0c    Test Team. As a result, it is not clear whether or not the test procedures verify the\n    original intent of the requirements.\n\n    Although Drop 1 was focused exclusively on public user access, comprehensive\n    testing of the public user interfaces is not performed. Each link, option, and user\n    input for each public Graphical User Interface (GUI) is not formally tested. In\n    addition, no Section 508 compliance testing was performed for the Drop 1 GUIs. It is\n    not clear from any test plan exactly when 508 compliance testing will be conducted.\n\n    A primary objective of FDsys R1C2 is to replace (and enhance) the current\n    functionalityprovided by GPO Access. However, the Test Cases do not focus on\n    verifying that this objective is achieved to the extent possible for Drop 1. For\n    example, there are no specific Test Cases that validate that FDsys subsumes the\n    existing GPO Access capabilities related to the Federal Register.\n\n   GPO Access is seldom used as the "authoritative source" for the "expected results"\n   listed in the test procedures. Instead of direct comparisons between the search results\n   produced by FDsys and GPO Access (i.e., for the Federal Register), the test\n   procedures often conduct generic searches that retrieve many records. The tester is\n   asked to "review" the search results to ensure that each record matches the search\n   criteria.\n\n   The concept of error processing is completely missing from the Test Cases. One test\n   procedure (for RD-2694) mentions error messages (i.e., related to improper search\n   criteria); but, these messages are not described. Verification of each public user error\n   and/or warning message that can be generated by FDsys is not performed. For\n   example, error messages caused by invalid data entries (e.g., values, formats) made\n   by the user are not tested.\n\n   The test procedures related to system logs are not meaningful. Instead of tests that\n   identify and generate specific logging events which can later be verified, the Drop 1\n   test philosophy consists of simply checking the system log. It is unclear what the\n   tester would check.\n\nBased on these findings, IV&V identified the following technical and management risks:\n\n       The test strategy focused only on individual requirements and is cumbersome,\n       redundant, and ineffective. There are numerous test procedures but many of them\n       are repetitive with modification of a few steps each time. Many of the test\n       procedures do not address the requirements they are suppose to verify. The\n       strategy of moving forward with development of subsequent Drops while still\n       fixing numerous Program Trouble Reports (PTRs), due to the numerous test\n       failures resultant from Drop 1 testing, will increase the difficulty in assuring that\n       the Requirements Document (RD) requirements and Derived Requirements (DRs)\n       will be satisfied. To that end, FDsys R1C2 will be a public facing system that\n       will replace and enhance the existing operational system. Without thorough test\n\x0c       procedures to verify and validate all options and capabilities, the PMO risks\n       deploying a system that will be unreliable and not meet the needs of the user\n       community.\n\nThe IV&V recommendations related to this task were delivered to the GPO Chief\nInformation Officer (CIO) in a report dated October 2,2008. Additionally, the findings\nand recommendations from the IV&V task were briefed to the GPO CIO on October 6,\n2008. These recommendations are provided in Section 6 of this report.\n\n\n5. Evaluate Detailed Design\n\nDuring this quarter, IV&V also performed an assessment of the FDsys detailed design\ndocumentation for Release 1.C2, specifically, the System Design Document (SDD). The\ngoal of the FDsys SDD evaluation was to determine if the SDD was complete, consistent,\nand conformed to applicable standards in format, purpose, and content.\n\nIV&V reviewed six (6) of the eight (8) volumes that comprise the SDD. IV&V\'s review\nproduced high level comments against the SDD in-total and separate technical comments\nfor each of the six (6) volumes that were reviewed. IV&V noted that significant progress\nhad been made in a number of areas and a number of the SDD volumes were technically\nsound; however, the IV&V review also note that there are still a number of system design\nareas that require attention. Some of the SDD volumes show great detail and\ncohesiveness while others are still lacking depth and breadth of information required for a\ndetailed design document; especially for a program that has completed Coding and\nSystem Integration Testing (SIT) for Drop 1.\n\nBased on these findings, IV&V identified specific areas of concern in the detailed design.\nThey include:\n\n       Architecture;\n       RequirementsITraceability;\n       Integrated Library System (ILS) integration;\n       Workflows;\n       Use Cases;\n       Data Migration; Exception Handling;\n       Log Files;\n       Backup and Recovery;\n       System Monitoring; and\n       Performance.\n\nFrom these, N&V has identified the following risk:\n\n       The effects of the design not being fully complete may manifest themselves as ,\n       technical, cost, and schedule risks. The lack of a complete design of the system is\n       very problematic. FDsys R1C2 is a completely new, public facing system which\n\x0c       replaces and enhances the capabilities and functionalityof an existing operational\n       system. Gaps in the design place a great burden on the development, test, and\n       training efforts and if not corrected in subsequent Drops, may result in a longer\n       than expected SIT process that jeopardizes deployment of FDsys by December\n       3 1,2008. If FDsys is deployed, these design gaps have the potential to be\n       exposed to both the public and the internal user community; resulting in user\n       dissatisfaction that stems from a deployed system that contains less hnctionality\n       than has been promised.\n\nThe IV&V recommendations related to this task were delivered to the GPO CIO in a\nreport dated October 15,2008. Additionally, the findings and recommendations from the\nIV&V task were briefed to the GPO CIO on October 16,2008. These recommendations\nare provided in Section 6 of this report.\n\n6. Recommendations\n\nThe IV&V recommendations are provided below. These encompass the\nrecommendations previously included in the IV&V Task Reports discussed in this\ndocument.\n\n   1) IV&V can appreciate the effort put forth by the FDsys PMO and technical team to\n      meet the stated deployment date; however, IV&V recommends that the PMO\n      strongly consider adjusting the schedule now to allow sufficient time to address\n      the issues identified in SIT and in the current design. The PMO should build the\n      new schedule by doing a bottom up analysis of the effort needed to perform each\n      of the tasks in the schedule, and set a realistic date for deployment based on that\n      data. The current schedule does not provide enough time for many critical\n      activities, including, testing, security testing, and training. In conjunction the\n      PMO needs to re-establish user community expectations.\n\n   Management\'s Response. Nonconcur. The FDsys management team has considered\n   adjusting the schedule. However, the FDsys team believes the schedule is sound and\n   achievable. The complete text of management\'s response is in Appendix A.\n\n   Evaluation of Management\'s Response. American Systems does not believe the\n   current schedule is achievable because of the extensive overlap of the test efforts and\n   the likelihood that testing will take longer than scheduled. However, given that the\n   PMO is committed to work to the current schedule, IV&V will continue to monitor\n   the program\'s adherence to their schedule and report accordingly. Therefore, we are\n   closing this recommendation upon issuance of the final report.\n\n   2) Once the schedule is established, IV&V recommends that the program institute\n      some type of earned value (EV) measurement, as recommended in previous\n      IV&V reports. Without EV data, determining project progress is nearly\n      impossible.\n\x0cManagement\'s Response. Concur. With the IMS in place the PMO is working to\ndetermine how to best employ EVM on the FDsys program to support R1C2 as well\nas future releases. It is likely that EVM will not be used in the first release and that\nEVM will be used to support the second release (see Appendix A).\n\nEvaluation of Management\'s Response. Management\'s proposed actions are\nresponsive to the recommendation. The recommendation is resolved, but will remain\nundispositioned and open for reporting purposes until corrective actions are\ncompleted.\n\n3) IV&V recommends that the PMO establish a realistic training program and\n   schedule. Scheduling user training prior to UAT threatens to minimize and\n   undermine user confidence that FDsys will perform as currently advertised.\n\nManagement\'s Response. Nonconcur. The PMO does not foresee any issue with\nscheduling training prior to UAT, as it ensures GPO users are comfortable in their\nroles and can adequately perform testing and provide feedback (see Appendix A).\n\nEvaluation of Management\'s Response. American Systems believes there is an\ninherent risk to training users during UAT due to the potential for the system to\ncontinue to evolve during this period. However given that the PMO is committed to\nwork to the current schedule, we are closing this recommendation upon issuance of\nthe final report. We encourage the PMO to reconsider this approach for future FDsys\nreleases.\n\n4) IV&V recommends that a more reasonable test strategy than the current approach\n   (i.e., one test for each RD) be developed. Verify logical groups of requirements\n   that define specific functionality.\n\nManagement\'s Response. Concur. The PMO reviewed IV&V test\nrecommendations with the FDsys test lead and the recommendations are being\napplied to the test program as applicable (see Appendix A).\n\nEvaluation of Management\'s Response. Management\'s proposed actions are\nresponsive to the recommendation. The recommendation is resolved, but will remain\nundispositioned and open for reporting purposes until corrective actions are verified\nby the IV&V team.\n\n5) IV&V recommends that the process used to decompose the Requirements\n   Document (RD) to support testing should be improved. The Derived\n   Requirements (DRs) should encompass the intent of the RD not just the wording\n   of the RD. Where applicable, information from the PMO\'s Technical Memos\n   should be included in the decomposition to ensure that all the expected\n   functionality associated with the RD is implemented by the developers and is\n   subsequently demonstrated during the SIT.\n\x0cManagement\'s Response. Concur. A second systems engineer was added to the\nprogram on October 7 to provide additional requirements and test support. The\nIV&V recommendation on decomposition of parent requirements will be applied as\napplicable (see Appendix A).\n\nEvaluation of Management\'s Response. Management\'s proposed actions are\nresponsive to the recommendation. The recommendation is resolved, but will remain\nundispositioned and open for reporting purposes until corrective actions are verified\nby the IV&V team.\n\n6 ) IV&V recommends that the overall scope of the test procedures be expanded to\n    more thoroughly test the system. Verify Graphical User Interfaces (GUIs), error\n    messages, data validation processing, logging events, and other design aspects not\n    explicitly defined in the system requirements (e.g., workflows, help information).\n    In addition, utilize GPO Access to establish a concrete set of expected results, and\n    verify that all current GPO Access capabilities have been incorporated into\n    FDsys.\n\nManagement\'s Response. Concur. The PMO reviewed IV&V test\nrecommendations with the FDsys test lead and the recommendations are being\napplied to the test program as applicable (see Appendix A).\n\nEvaluation of Management\'s Response. Management\'s proposed actions are\nresponsive to the recommendation. The recommendation is resolved, but will remain\nundispositioned and open for reporting purposes until corrective actions are verified\nby the IV&V team.\n\n7) IV&V recommends that the overall scope and content of the SDD be expanded to\n   account for the missing design information. Provide an end-to-end view of the\n   system architecture to facilitate a better understanding of the system. System Use\n   Cases should be included as part of the design documentation to provide\n   developers with a more thorough view of user roles and responsibilities.\n\nManagement\'s Response: Nonconcur. The SDD addresses the architectural end-to-\nend view in terms of business processes implementation. Use cases included are\nreflected in and implemented as workflow activities. User roles along with groups\nare described in the repository design as well. Workflow task assignments depend on\nuser roles (see Appendix A).\n\nEvaluation of Management\'s Response. American Systems believes that the SDD\nis still missing sections that would make it more complete, which creates a risk to the\nsystem\'s overall quality. While we disagree with management\'s response, we are\nclosing this recommendation upon issuance of the final report. Moving forward with\nthe SDD in its current state creates risks both to the ability to maintain the system and\nthe quality of the next release. IV&V will continue to evaluate the SDDYs\ncompleteness.\n\x0c8) Technical information related to handling of exceptions, execution and updating\n   of workflows in the system, use and maintenance of log files, system monitoring,\n   backup and recovery processes, data migration, and inclusion of an ICD will\n   make the SDD a more sound, technical document and have the potential to\n   eliminate errors in both development and integration. Failure to address these\n   issues jeopardizes development, deployment, and the quality of the deployed\n   system.\n\nManagement\'s Response. Partially Concur. The area of exception handling, system\nmonitoring, and backup and recovery have been addressed in the FDsys R1C2 SDD.\nAn Interface Control Document for the Integrated Library System has been developed\nand reviewed. A data migration plan is under review within the PMO (see Appendix\nA).\n\nEvaluation of Management\'s Response. American Systems agrees that a data\nmigration plan and an ICD have been developed. However, American Systems\nbelieves that the SDD is missing complete descriptions of design for the remaining\nlisted areas, which creates a risk to the system\'s overall quality. We are closing this\nrecommendation upon issuance of the final report.\n\n9) Update the Repository design documentation to provide details regarding the\n   implementation of the system workflows via Documentum. In particular,\n   describe the Rules file and Rules Engine and explain how they interact within the\n   workflow processing. To support future maintenance and modifications, these\n   items should be fully documented.\n\nManagement\'s Response. Concur. The Repository design has been updated to\naddress the rules engine and configuration (see Appendix A).\n\nEvaluation of Management\'s Response. Management\'s proposed actions are\nresponsive to the recommendation. The recommendation is resolved, but will remain\nundispositioned and open for reporting purposes until corrective actions are verified\nby the IV&V team.\n\n10) IV&V recommends that a Quality Assurance (QA) program be instituted for\n    FDsys program. The QA program will require an independent, dedicated\n    (although not necessarily full-time) resource. QA should review the processes\n    implemented on the FDsys program to include the peer review process, CM\n   processes, and the document approval process. These processes are in need of\n   review and update to ensure they are efficient and produce desired results in the\n    form of consistent and complete programmatic and technical documentation.\n\nManagement\'s Response. Concur. A Quality Assurance plan for FDsys is under\ndevelopment (see Appendix A).\n\x0cEvaluation of Management\'s Response. Management\'s proposed actions are\nresponsive to the recommendation. The recommendation is resolved, but will remain\nundispositioned and open for reporting purposes until corrective actions are verified\nby the IV&V team.\n\x0c      Appendix A. Management\'s Response\n\n\n\n\n                          U.S. G O V E R N M E N T\n                          PRINTING OFFICE\n                          KEEPING AMERICA I N F O R M E D\n\n                                                                               MEMORANDUM\n\n\n\n\nDATE:          December 8,2008\n\nREPLYTO\n ATTN OF:     Chief Information Officer\n\nSUBJECT:      Federal Digital System (FDsys) Independent Verification and Validation\n              (IV&V) - Draft Fifth Quarter Risk Management, Issues, and Traceability\n              Report\n\nTO:           Assistant Inspector General for Audits and Inspections\n\n\nThank you for the opportunity to respond to the Draft Fifth Quarter report. regarding\nGPO\'s Federal Digital System (FDsys).\n\nThe program leadership team and I agree with a few of the IV&V observationsand\nrecommendations. Overall, we remain confident that we are taking the necessary steps\nto ensure that FDsys is delivered successfully.\n\nWhile we appreciate the timely, preliminary reviews of the material we believe that it is in\nthe programs best interest for these reports to be final no more than one (1) month after\nthe assessment period. As it stands, this draft report represents a two (2) month gap\nbetween the assessment period and issuance of the report.\n\nThis response deals solely with the recommendations as presented in the document.\n\n\n                                    Recommendations:\n\nRecommendation#l: Schedule Adiustment - The FDsys management team has\nconsidered adjusting the schedule. However, the R1C2 Integrated Master Schedule was\ndeveloped and extensively reviewed by the development, infrastructure, test, and\ntraining teams. The FDsys team believes the schedule is sound and achievable.\n\nRecommendation#2: Earned Value - With the IMS in place the PMO is working to\ndetermine how to best employ EVM on the FDsys program to support RlC2 as well as\nfuture releases. It is likely that EVM will not be used in the first release and that EVM will\nbe used to support the second release.\n\n                                           -\nRecommendation #3: Realistic Traininq The PMO does not foresee any issue with\nscheduling training prior to UAT, as it ensures GPO users are comfortable in their roles\nand can adequately perform testing and provide feedback.\n\x0cAppendix A\n\n\n\n\n                                            -\n         Recommendation#4: Test Strateqy The PMO reviewed IV&V test recommendations\n         with the FDsys test lead and the recommendationsare being applied to the test program\n         as applicable.\n\n\n\n                              -\n         Recommendation#5 lmorove RD Decomoosition - A second systems engineer was\n         added to the program on October 7Ihto provide additional requirements and test support.\n         The IV&V recommendation on decompositionof parent requirements has been reviewed\n         with the PMO and requirements engineers and will be applied as applicable.\n\n                                                -\n         Recommendation#6: Test Procedures See #4 above\n\n         Recommendation#7: Scooe of SDD -The SDD addresses the architectural end-to-end\n         view in terms of business processes implementation. Use cases included are reflected in\n         and implemented as workflow activities. User roles along with groups are described in\n         the repository design as well Workflow task assignments depend on user roles\n\n                                                    -\n         Recommendation#8: Technical information The PMO believes the area of exception\n         handling, system monitoring, and backup and recovery have been addressed in the\n         FDsys R1C2 SDD. An Interface Control Document (ICD) for the Integrated Library\n         System has been developed and reviewed. A data mrgration plan is under review within\n         the PMO.\n\n         Recommendation#9: Uodate ReDositorv - The Repository design (SDD Volume II) has\n         been updated to address the rules engine and configuration.\n\n         Recommendation#lo: QA Proaram -The PMO agrees that a QA program should be\n         instituted for the FDsys program. A Quality Assurance plan for FDsys is under\n         development by resources in the Quality organization within GPO IT, will be managed\n         from within this organization.\n\n\n\n\n             &a\n         MICHAEL L. WASH\n\x0c                A ~ ~ e n dB.\n                           i x Status of Recommendations\n\nRecommendation No.           Resolved   Unresolved   OpenIECD*   Closed\n         1                                   X                   X\n         2                       X                      TBD\n         3                                   X                   X\n            4                    X                      TBD\n            5                    X                      TBD\n            6                    X                      TBD\n            7                                X                   X\n           8                                 X                   X\n           9                     X                      TBD\n           10                    X                      TBD\n\n"Estimated Completion Date\n\x0c                    Appendix C. Report Distribution\n\nPublic Printer\nChief of Staff\nGeneral Counsel\nChief Acquisition Officer\nChief Management Officer\nChief Technology Officer\n\x0c'